We know that complexity is the worst enemy of security, because it makes attack easier and defense harder. This becomes catastrophic as the effects of that attack become greater. In A Hacker’s Mind (coming in February 2023), I write: Our societal systems, in general, may have grown fairer and more just over the centuries, but […]
Cyber News, Cyber Threat Trends
IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code. The privilege escalation flaw (CVSS score: 8.8), dubbed “Hell’s Keychain” by cloud security firm Wiz, has been described as a “first-of-its-kind supply-chain attack vector impacting a
Cyber News, Cyber Threat Trends
Old technology solutions – every organization has a few of them tucked away somewhere. It could be an old and unsupported storage system or a tape library holding the still-functional backups from over 10 years ago. This is a common scenario with software too. For example, consider an accounting software suite that was extremely expensive […]
Cyber News, Cyber Threat Trends
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an Industrial Control Systems (ICS) advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software. “Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server
Cyber News, Cyber Threat Trends
Platform certificates used by Android smartphone vendors like Samsung, LG, and MediaTek have been found to be abused to sign malicious apps. The findings were first discovered and reported by Google reverse engineer Łukasz Siewierski on Thursday. “A platform certificate is the application signing certificate used to sign the ‘android’ application on the system image,” a report […]
Cyber News, Cyber Threat TrendsThe number of memory safety vulnerabilities in Android dropped from 223 in 2019 to 85 in 2022
Cyber News, Cyber Threat TrendsFirst used as botnets, their lucrative nature turned them into independent criminal enterprises
Cyber News, Cyber Threat TrendsYou flick through some reels and an ad for “a more private phone” crops up. You scroll through your news feed and catch wind of yet another data breach at a major retailer. You see a post from a friend who says their social media account was hacked. Maybe you don’t think about security every […]
Cyber News, Cyber Threat TrendsHP’s latest report suggests 44% of malware was delivered via archive files in Q3 2022
Cyber News, Cyber Threat Trends